Compliance Engineer

Summary

Join UltraViolet Cyber, a leading unified security operations company, and make a difference. As a key member of our team, you will advise on compliance, audit, and security requirements, support various audiences in developing security controls, and act as a point of contact for external assessments. You will also assist with internal risk assessments, audits, and policy benchmarking. This role involves internal consulting, recommending process improvements, reviewing contracts, and maintaining governance functions. You will interface with external auditors and coordinate responses to RFPs and security questionnaires. This position requires a Bachelor's degree, significant experience in GRC and IT audit, and advanced knowledge of relevant standards.

Requirements

• Bachelor's Degree in Computer Science or related field
• 5+ years of experience in GRC and/or IT audit related projects
• Advanced knowledge of NIST 800, FedRAMP, and industry standards
• 3+ years of experience with IT controls, best practices, and procedures
• Experience with cloud-hosted applications

Responsibilities

• Advises on compliance, audit and/or security requirements in association with applicable standards/regulations and/or best practices, including NIST and FISMA
• Supports multiple audiences (of varying technical proficiency) in developing and following appropriate security and privacy controls around IT operations
• Acts as a point of contact for external assessments related to achieving required certifications and customer contractual requirements
• Assists with internal risk assessment, audits, and benchmarking of security policies against regulations and standards across multiple business segments and products
• Operates as an internal consultant, researching and recommending changes to enhance or streamline quality and information security procedures, including internal and external auditing
• Reviews hosting, security, and audit contract terms and ensures compliance to current policies and processes
• Assists with the oversight to help maintain governance functions, including security policy and process development and updates
• Interfaces with external auditors to discuss security or IT hosting operations-related concerns during audits and collect and defend relevant evidence
• Coordinates responses to RFP and security questionnaires
• Follows established processes and procedures to ensure compliance with the policy
• Maintains multiple complex programs with little supervision, escalating issues as appropriate
• Communicates regularly with both GRC and IT teams